Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/J0-ezajpps3geFzCVvMnmJXzPKc.roa
File:                     J0-ezajpps3geFzCVvMnmJXzPKc.roa (raw, json)
Hash identifier:          p4hKnmD1lGDL6Li7FPOJKRULALaKy1d038kjYStUEPk=
Subject key identifier:   27:4F:9E:CD:A8:E9:A6:CD:E0:78:5C:C2:56:F3:27:98:95:F3:3C:A7
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       0199860D4D4C6FA47AEE3E7396FD4C2881EF
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/J0-ezajpps3geFzCVvMnmJXzPKc.roa
Signing time:             Fri 26 Sep 2025 12:44:02 +0000
ROA not before:           Fri 26 Sep 2025 12:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197926
IP address blocks:        88.199.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:86:0d:4d:4c:6f:a4:7a:ee:3e:73:96:fd:4c:28:81:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Sep 26 12:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=274f9ecda8e9a6cde0785cc256f3279895f33ca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e7:af:0a:28:6a:e5:d2:1b:5e:31:4c:0c:37:
                    01:b2:df:31:91:cd:7e:fa:7f:8f:88:0b:27:a9:f4:
                    a7:c8:d4:bb:15:91:13:52:03:b5:a7:21:de:61:99:
                    5b:52:db:28:93:18:43:65:cb:7f:07:dd:98:c5:f0:
                    01:81:e4:e0:f6:71:f5:83:42:73:98:13:71:67:c2:
                    7e:4c:fd:ed:45:eb:d1:d7:97:a3:29:9e:3b:ab:61:
                    5f:81:7d:1e:69:41:b1:ed:3c:4d:ce:20:c8:cf:49:
                    f3:44:c5:5f:55:e3:9a:e1:a8:04:05:78:9e:e2:61:
                    04:bf:f4:dc:f6:81:7e:95:86:5d:f6:47:08:e7:80:
                    f9:c3:b1:50:80:91:1f:a7:10:0e:63:63:db:6c:09:
                    77:a4:90:9d:15:07:d5:83:4a:69:50:8c:4f:77:af:
                    cd:40:0a:64:64:4e:1d:c0:49:1a:22:60:18:ef:e9:
                    f7:ce:0f:7d:40:52:38:b5:38:4c:8c:ef:01:e1:bc:
                    a6:56:19:3c:ee:80:0d:82:b8:1d:3c:a2:43:cd:3e:
                    de:e2:b7:e3:9b:32:c8:4a:20:bd:fb:a4:b1:4e:97:
                    86:3d:b0:cd:ec:fe:ba:88:25:73:1a:fe:2f:76:e7:
                    de:b1:5f:af:a1:88:1b:55:2d:1b:b7:34:2d:a0:c4:
                    dc:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4F:9E:CD:A8:E9:A6:CD:E0:78:5C:C2:56:F3:27:98:95:F3:3C:A7
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/J0-ezajpps3geFzCVvMnmJXzPKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:73:c3:22:5f:43:6e:6c:b1:b4:08:61:3b:47:5f:7c:59:78:
         00:41:58:b5:38:09:65:05:07:c7:6b:d7:d4:10:6b:b8:56:48:
         1f:0b:f3:bb:da:13:34:4e:8d:5c:e5:1f:e7:8a:2e:35:c2:18:
         0d:f5:99:df:07:13:26:23:a0:e9:6f:e5:3e:e5:4a:79:6d:42:
         9c:1d:e4:32:2e:67:c1:c5:3a:20:65:43:5e:9f:42:cd:26:ee:
         81:2d:95:a4:8a:4b:0a:9d:60:24:14:15:fd:fb:ba:89:d2:7d:
         81:e8:31:7b:77:0e:9a:d9:16:83:ae:dc:f5:fc:fd:78:15:25:
         89:cc:cb:9d:d6:11:91:99:c6:de:01:07:51:aa:1c:4b:0b:3c:
         14:13:72:68:8f:d5:2a:6a:21:10:12:06:1c:c7:09:d6:fe:de:
         f7:80:d0:03:03:b2:96:4b:df:7d:2c:53:1d:3b:7e:4d:74:60:
         7b:2c:3a:2c:1f:de:31:27:e1:b5:75:46:1b:35:9e:81:5f:bb:
         06:f8:2e:98:fa:19:71:12:3e:db:b0:e3:83:59:69:2c:66:e6:
         e8:33:72:93:4c:80:f4:77:d5:b6:0a:9b:2e:69:9c:5b:a2:ec:
         d9:df:c3:bd:8e:4b:6c:05:ff:7e:7e:8d:ce:20:08:23:26:49:
         92:0f:95:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmGDU1Mb6R67j5zlv1MKIHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjUwOTI2MTI0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzRmOWVjZGE4ZTlhNmNkZTA3ODVjYzI1NmYzMjc5ODk1ZjMzY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+evCihq5dIbXjFMDDcBst8xkc1+
+n+PiAsnqfSnyNS7FZETUgO1pyHeYZlbUtsokxhDZct/B92YxfABgeTg9nH1g0Jz
mBNxZ8J+TP3tRevR15ejKZ47q2FfgX0eaUGx7TxNziDIz0nzRMVfVeOa4agEBXie
4mEEv/Tc9oF+lYZd9kcI54D5w7FQgJEfpxAOY2PbbAl3pJCdFQfVg0ppUIxPd6/N
QApkZE4dwEkaImAY7+n3zg99QFI4tThMjO8B4bymVhk87oANgrgdPKJDzT7e4rfj
mzLISiC9+6SxTpeGPbDN7P66iCVzGv4vdufesV+voYgbVS0btzQtoMTcswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdPns2o6abN4HhcwlbzJ5iV8zynMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvSjAtZXphanBwczNnZUZ6Q1Z2TW5tSlh6UEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWMeYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9c8MiX0NubLG0CGE7R198WXgAQVi1OAllBQfHa9fU
EGu4VkgfC/O72hM0To1c5R/nii41whgN9ZnfBxMmI6Dpb+U+5Up5bUKcHeQyLmfB
xTogZUNen0LNJu6BLZWkiksKnWAkFBX9+7qJ0n2B6DF7dw6a2RaDrtz1/P14FSWJ
zMud1hGRmcbeAQdRqhxLCzwUE3Joj9UqaiEQEgYcxwnW/t73gNADA7KWS999LFMd
O35NdGB7LDosH94xJ+G1dUYbNZ6BX7sG+C6Y+hlxEj7bsOODWWksZuboM3KTTID0
d9W2CpsuaZxbouzZ38O9jktsBf9+fo3OIAgjJkmSD5X7
-----END CERTIFICATE-----